Skip Headers
Oracle® Fusion Middleware Oracle Authorization Policy Manager Administrator's Guide (Oracle Fusion Applications Edition)
11
g
Release 1 (11.1.4)
Part Number E20839-03
Home
Book List
Index
Contact Us
Next
PDF
·
Mobi
·
ePub
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documentation
Conventions
1
Getting Started With Oracle Authorization Policy Manager
1.1
Understanding Authorization Policy Manager
1.1.1
What is Oracle Entitlements Server?
1.1.2
Using the Authorization Policy Manager Console
1.1.2.1
Assigning Administrators
1.1.2.2
Using the Identity Store
1.1.2.3
Using the Policy Store
1.1.3
Putting It Together
1.2
Installing and Configuring Authorization Policy Manager
1.2.1
Before You Begin
1.2.2
Installing Authorization Policy Manager
1.2.3
Changing From Basic to Advanced Policy Authorization
1.2.4
Reconfiguring the Default Identity Store
1.2.5
Configuring High Availability
1.2.6
Connecting with Secure Sockets Layer
1.2.7
Setting Loggers
1.2.8
Displaying Text in Foreign Languages
1.3
Accessing the Authorization Policy Manager Administration Console
1.3.1
Signing In to the Administration Console
1.3.2
Signing Out of the Administration Console
1.4
Navigating the Authorization Policy Manager Administration Console
1.4.1
Understanding the Main Tabs
1.4.1.1
Authorization Management Tab
1.4.1.2
System Configuration Tab
1.4.2
Using The Navigation Panel
1.4.3
Understanding the Home Area
1.4.4
Accessing Help
2
Understanding The Policy Model
2.1
Understanding Oracle Entitlements Server Policies
2.1.1
Granting and Denying Access Using Policies
2.1.2
Understanding the Authorization Policy
2.1.3
Understanding Role Assignments and the Role Mapping Policy
2.2
How Oracle Entitlements Server Evaluates Policies
2.3
The Policy Object Glossary
2.4
Implementing a Policy Use Case
2.4.1
Protecting Software Components
2.4.2
Protecting Business Objects
3
Managing Policies and Policy Objects
3.1
Introducing Policy and Policy Object Management
3.1.1
Organizing Policy Objects
3.1.2
Using Application Roles
3.1.3
Mapping Oracle Fusion Applications and Authorization Policy Manager Terms
3.2
Defining an Authorization Policy And Its Components
3.3
Adding Fine-Grained Elements to an Authorization Policy
3.4
Implementing An Authorization Policy Step by Step
3.5
Managing Policy Objects in An Application
3.5.1
Managing Applications
3.5.1.1
Creating an Application
3.5.1.2
Modifying an Application
3.5.1.3
Deleting an Application
3.5.2
Managing Resource Types
3.5.2.1
Creating a Resource Type
3.5.2.2
Modifying a Resource Type
3.5.2.3
Deleting a Resource Type
3.5.3
Managing Resources
3.5.3.1
Creating a Resource
3.5.3.2
Modifying a Resource
3.5.3.3
Deleting a Resource
3.5.4
Managing Entitlements
3.5.4.1
Creating an Entitlement
3.5.4.2
Modifying an Entitlement
3.5.4.3
Deleting an Entitlement
3.5.5
Managing Authorization Policies
3.5.5.1
Creating an Authorization Policy
3.5.5.2
Modifying an Authorization Policy
3.5.5.3
Deleting an Authorization Policy
3.5.6
Managing Application Roles in the Role Catalog
3.5.6.1
Creating an Application Role
3.5.6.2
Modifying an Application Role
3.5.6.3
Mapping External Roles to an Application Role
3.5.6.4
Mapping External Users to an Application Role
3.5.6.5
Deleting an Application Role or Removing External Role Mappings
3.5.7
Managing Role Mapping Policies
3.5.7.1
Creating a Role Mapping Policy
3.5.7.2
Modifying a Role Mapping Policy
3.5.7.3
Deleting a Role Mapping Policy
3.5.8
Managing a Role Category
3.5.9
Managing Attributes and Functions as Extensions
3.5.9.1
Creating an Attribute
3.5.9.2
Modifying an Attribute
3.5.9.3
Deleting an Attribute
3.5.9.4
Creating a Function
3.5.9.5
Modifying a Function
3.5.9.6
Deleting a Function
3.6
Using the Condition Builder
3.6.1
Building a Complex Expression
3.6.2
Passing Parameters to Functions
Searching with the Administration Console
Finding Objects with a Simple Search
Finding Objects with an Advanced Search
Searching External Roles
Searching Applications
Searching Resource Types
Searching Application Roles
Searching Role Mapping Policies
Searching Resources
Searching Entitlements
Searching Authorization Policies
Searching Attributes
Searching Functions
Searching for Users Globally
4
Configuring Predefined Attribute Retrievers
4.1
Understanding Predefined Attribute Retrievers
4.2
Configuring the Predefined Attribute Retrievers
4.2.1
Configuring the LDAP Repository Attribute Retriever Parameters
4.2.2
Configuring the Database Repository Attribute Retriever Parameters
4.2.3
Configuring Individual Attributes for Predefined Attribute Retrievers
4.3
Modifying jps-config.xml
4.4
Setting Up PIP Connection Credentials
5
Delegating With Administrator Roles
5.1
About Delegated Administrators
5.2
Delegating Using Scope and Granularity
5.3
Delegating Application Administration
5.3.1
Adding a Delegated Administrator for An Application
5.3.2
Modifying or Deleting an Application's Delegated Administrator
5.4
Using Policy Domains to Delegate
5.4.1
Creating a Policy Domain
5.4.2
Modifying a Policy Domain
5.4.3
Deleting a Policy Domain
5.5
Delegating Policy Domain Administration
5.5.1
Adding a Delegated Administrator to a Policy Domain
5.5.2
Modifying or Deleting a Policy Domain's Delegated Administrator
5.6
Managing System Administrators Using Administrator Roles
5.6.1
Creating a New Administrator Role
5.6.2
Assigning Privileges to an Administrator Role
5.6.3
Modifying Administrator Role Membership
5.6.4
Deleting an Administrator Role
6
Upgrading Oracle Fusion Applications Policies
6.1
Overview
6.1.1
Terminology
6.1.2
Upgrading Process Overview
6.2
Prerequisites to Patching Policies
6.3
The Policy Upgrade Management Tab
6.4
Analyzing Patch Differences
6.5
Resolving Patch Differences
6.5.1
Changes and Conflicts
6.5.2
Resolving Changes and Conflicts
6.6
Applying a Patch
7
Customizing the User Interface
7.1
Customizing Authorization Policy Manager
7.2
Customizing Headers, Footers, and Logo
7.3
Customizing Color Schemes
7.4
Customizing the Login Page
8
Managing Policy Distribution
8.1
Understanding Policy Distribution
8.1.1
Using a Central Policy Distribution Component
8.1.2
Using a Local Policy Distribution Component
8.2
Defining Distribution Modes
8.2.1
Controlled Distribution
8.2.2
Non-controlled Distribution
8.3
Distributing Policies
8.3.1
Distributing Policies Using the Administration Console
9
Oracle Fusion Applications Data Role Templates
9.1
Using Data Role Templates
9.2
Before You Begin
9.3
Creating a Template
9.4
Running a Template
9.4.1
Running Templates Programmatically
9.5
Updating a Template
9.6
Importing and Exporting a Template
10
Managing Oracle Fusion Applications Data Security Policies
10.1
Database Resources and Policies Overview
10.1.1
Prerequisites and Best Practices for Creating Data Security Policies
10.1.2
Process Overview for Creating Data Security Policies
10.2
Searching Database Resources and Policies
10.2.1
Searching Database Resources
10.2.2
Locating Policies Associated with a Database Resource
10.3
Managing Database Resources
10.3.1
Specifying Database Resource Column Details
10.3.1.1
Specifying the Primary Key Columns of the Policy's Database Resource
10.3.1.2
Filtering Columns of the Policy's Database Resource
10.3.2
Managing Database Resource Conditions
10.3.3
Managing Database Resource Actions
10.4
Managing Data Security Policies
10.4.1
Creating a Data Security Policy
10.4.2
Modifying a Custom Data Security Policy
11
Managing System Configurations
11.1
Delegating With Administrators
11.2
Configuring Security Module Definitions
11.2.1
Creating a Security Module Definition
11.2.2
Binding an Application to a Security Module
11.2.3
Unbinding an Application From a Security Module
11.2.4
Deleting a Security Module Definition
12
Management Tasks
12.1
Integrating with WebLogic Server
12.2
Managing Audit Tasks
12.2.1
Auditing Events
12.2.2
Configuring Auditing
12.2.3
Additional Auditing Information
12.3
Migrating Policies
12.3.1
Migrating From XML to LDAP
12.3.2
Migrating From LDAP to XML
12.3.3
Migrating From XML to Database
12.3.4
Migrating From Database to XML
12.4
Configuring Cache
12.4.1
Configuring Decision Caching
12.4.2
Configuring Attribute Caching
12.5
Debugging
12.5.1
Configuring Logging for Debugging
12.5.1.1
Configuring Logging for a Java Security Module Deployment
12.5.1.2
Configuring Logging for a WebLogic Server Security Module Deployment
12.5.2
Searching Logs to Debug Authorization Policies
12.5.2.1
Searching for PEP Request Information
12.5.2.2
Searching for Security Module Cache Configuration Parameters
12.5.2.3
Searching for Principals
12.5.2.4
Searching for Resources and Actions
12.5.2.5
Searching for the Value of an Attribute
12.5.2.6
Searching for an Authorization Decision
12.5.2.7
Searching for the Value of an Obligation
12.5.2.8
Searching for Static Application Roles
12.5.3
Debugging Policy Distribution
A
Using an OpenLDAP Identity Store
A.1
Using an OpenLDAP Identity Store
B
Troubleshooting Oracle Authorization Policy Manager
B.1
Unable to Login
B.2
Need Further Help?
C
Configuration Parameters
C.1
Policy Distribution Configuration
C.1.1
Policy Distribution Component Server Configuration
C.1.2
Policy Distribution Component Client Configuration
C.1.2.1
Policy Distribution Component Client Java Standard Edition Configuration (Controlled Push Mode)
C.1.2.2
Policy Distribution Component Client Java Enterprise Edition Container Configuration (Controlled Push Mode)
C.1.2.3
Policy Distribution Client Configuration (Controlled Pull Mode)
C.1.2.4
Policy Distribution Client Configuration (Non-controlled Mode)
C.2
Security Module Configuration
C.2.1
Java Security Module
C.2.2
Web Services Security Module
C.2.3
RMI Security Module
C.2.4
WebLogic Server Security Module
C.3
PDP Proxy Configuration
C.3.1
Web Services Security Module Proxy Client
C.3.2
RMI Security Module Proxy Client
C.4
Policy Store Service Configuration
Index
Scripting on this page enhances content navigation, but does not change the content in any way.